| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Uprev to the latest release of cri-o to pick up some fixes and
CVEs. Makefile updates along with updates to the go.bbclass allow us
to remove most of the do_compile() tweaks that were in place. To test
that these removals are sane builds were done for x86_64 and arm64 in
docker containers with network=none, no issues were found.
Quite a few runtime tests were done as well since we are stepping up 2
releases, and we also just uprev'd 'cni' and wanted to validate its
runtime as well.
Once the system is started and cri-o is given time to start you can
use the new 'crio-status info' command to retrieve the runtime status
of cri-o:
root@qemux86-64:~# crio-status info
cgroup driver: cgroupfs
storage driver:
storage root: /var/lib/containers/storage
default GID mappings (format <container>:<host>:<size>):
0:0:4294967295
default UID mappings (format <container>:<host>:<size>):
0:0:4294967295
Additionally 'crictl' was installed (the recipe will be submitted
shortly) and the cri-o Tutorial found here was run
(https://github.com/cri-o/cri-o/blob/master/tutorials/crictl.md)
In order to run the tutorial /etc/cni/net.d/99-loopback.conf and
/etc/containers/policy.json were taken from
./contrib/cni/99-loopback.conf and ./contrib/policy.json in the cri-o
src repo. The sandbox_config.json and container_redis.json were taken
from https://github.com/cri-o/cri-o/blob/master/test/testdata (note:
using core-image-minimal with systemd enabled I had to remove
"cpu_period": 10000 and "cpu_quota": 20000 to get the tutorial to
work). We are not able to use the loopback networking to telnet to the
redis container, but we can use other techniques to validate that it
is running.
root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID
72718714360ef quay.io/crio/redis:alpine 47 seconds ago Running podsandbox1-redis 0 38b97e5a7bb99
root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock exec -i 72718714360ef cat /etc/issue
Welcome to Alpine Linux 3.7
Kernel \r on an \m (\l)
The CRIO_BUILD_CROSS approach was no longer valid and was
dropped. There is most likely some other cleanup we can do but this
gets us to a good state on the latest release.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since go was upgraded to 1.13, there is a failure:
...
| src/vendor/golang.org/x/net/http2/frame.go:17:2: use of vendored package not allowed
| ../../../recipe-sysroot/usr/lib64/go/src/net/http/h2_bundle.go:49:2: use of vendored package not allowed
...
Refer upstream suggestion [1]:
`or copying your vendor contents into GOPATH/src rather than
mapping them in to GOPATH/src/vendor.'
[1] https://github.com/golang/go/issues/34068
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Since commit [a092153 containerd: Disable for all mips machines] applied,
and the cri-o runtime depends `virtual/containerd', it should do the same
thing to disable for all mips machines
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
| |
ostree is now provided by meta-oe, which is a required layer so
we can drop it from the anonymous python checks for layers.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Use a standard location to store the cni tools and plugins. This
is more in line how other distributions package cni. Keep a symlink
to /opt/cni/bin for backward compatibility.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Since comit 3f64779e in meta-oe:
[ libdevmapper/lvm2: force recipe libdevmapper to populate sysroot only ]
libdevmapper recipe does not provide package any more, we need RDEPENDS
on libdevmapper which is being provided by lvm2 recipe.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
cri-o depends on ostree, libselinux and libseccomp
and we should check if the layer which provides these
recipes exist or not before go on.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the go-lang container recipes were first created there were issues
with strip and the resulting binaries. As such, strip was inhibited for
the various packages.
This variable is now set in the default classes, and tests show that
strip works on the binaries (saving up to 2M on disk for some binaries)
with no runtime issues found.
So we drop our explicit set of the inhibit and let the build proceed
by the defaults.
If issues are found, we can re-enable the setting or bbappends can
turn it back on for builds showing issues.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating to the 1.15 release.
With this update there are significant new build constraints and
dependencies. As such, the cross binaries are now being be built
by default, with the old (non-cross) build being kept around as
an optional way to build the components.
There are still issues with the non-cross build, so it will
require more work in the future.
We also document the requirement for selinux and seccomp in the
README as dependencies if you build cri-o.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Part of building cri-o is the generation of the 'conmon/config.h'
file. The content of this file is dynamic in that it has buffer sizes
and a socket path which will depend on constants that are set in other
parts of the code. For example the socket path can be setup for
Windows or for Linux.
To generate 'conmon/config.h' a small GO application is built and run
called crio-config. This isn't really suitable for a -native package
but we do have to run crio-config on the build host so we don't want
to cross compile it. We therefor use the native GO to build this. This
change allows things to work when the build host arch and the target
arch don't match. A small update to the Makefile avoids mixing build
host arch and target arch GO packages.
Finally, We drop the crio-config binary from the install as it is only
used to create the conmon/config.h as part of the build. This is
consistent with the Makefile's install rule which does not install
this binary as it has no use on the target.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After oe-core commits
5f48939e2640 [goarch.bbclass: use MACHINEOVERRIDES and simplify go_map_arm()]
6300c4a83f7c [go.bbclass:Export more GO* environment variables]
we see a build failure with cri-o:
| go build runtime/cgo: attempting to install package runtime/cgo into read-only GOROOT
| Makefile:112: recipe for target 'conmon/config.h' failed
| make: *** [conmon/config.h] Error 1
to avoid this we should not overwrite the GO* environment being setup
by the go.bbclass, so we drop most of our GO* exports here.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
| |
Bumping to the next cri-o release branch
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Since kubernetes is now on 1.12, we need to sync our cri-o release
to match.
There are some build changes to the utilities, and a patch refresh,
but otherwise, this is very similar to the exiting build of cri-o.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
We aren't running any ptests for cri-o (it is hard to test in
isolation), and the update to go 1.11 has broken the build in the
ptest phase.
For now, we remove the task to get the build running again.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
|
|
To prepare for native kubernetes support without docker on a target,
we integrate the cri-o incubator project.
cri-o is meant to provide an integration path between OCI conformant
runtimes and the kubelet. Specifically, it implements the Kubelet
Container Runtime Interface (CRI) using OCI conformant runtimes.
The scope of cri-o is tied to the scope of the CRI.
This initial introduction is build + packaging only. It is expected
that configuration and deployment tweaks are done at the distro
level.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
